Caldera Security Advisory - Volution Manager: Directory Administrator password in cleartext
______________________________________________________________________________ 


                Caldera International, Inc. Security Advisory 


Subject: Volution Manager: Directory Administrator password in cleartext 
Advisory number: CSSA-2002-024.0 
Issue date: 2002 June 3 
Cross reference: 
______________________________________________________________________________ 



1. Problem Description 


        Volution Manager stores the unencrypted Directory 
        Administrator's password in the /etc/ldap/slapd.conf file. 


        This vulnerability will be corrected in the next release of 
        Volution Manager. 



2. Vulnerable Supported Versions 



        System Package 
        ---------------------------------------------------------------------- 
        Volution Manager 1.1 Standard 



3. Solution 


        Volution Manager stores the unencrypted Directory 
        Administrator's password in the /etc/ldap/slapd.conf file. 
        The password line looks similar to this: 


                rootpw <clear_text_password> 


        Caldera strongly recommends that you encrypt this password, 
        using the following steps: 


        As the root user, run slappasswd, entering your desired 
        password at the prompts (the example uses newpasswd as the new 
        password; the password will not be seen as you type it). 


        # slappasswd 
        New password: newpasswd 
        Re-enter new password: newpasswd 
        {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
        # 


        The output is the new, encrypted password. In the file 
        /etc/ldap/slapd.conf, replace the previous rootpw line with a 
        line containing the new, encrypted password so that the line 
        looks similar to this: 


                rootpw {SSHA}AvcGnFPjUCqbIs/Ki8XfiOYJwttfwnRz 
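
        To confirm the change took effect, the check below scans a
        slapd.conf for rootpw lines that carry no {SCHEME} hash prefix
        (for example {SSHA}, a salted SHA-1 hash). It is an added
        example, not Caldera's code; the function names audit_rootpw
        and audit_demo are assumptions of this example, and the sample
        config is constructed.

```shell
#!/bin/sh
# Added example: flag rootpw directives in slapd.conf that are not stored
# as a hash. Usage after sourcing: audit_rootpw /etc/ldap/slapd.conf

# Prints "<file>:<line>: <finding>" for each rootpw directive whose value is
# cleartext; the value itself is never printed.
# Returns 0 if clean, 1 on findings, 2 if the file cannot be read.
audit_rootpw() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk -v f="$conf" '
        # Only directives that start in column 1 count: "#" lines are
        # comments and indented lines continue the previous directive.
        tolower($1) == "rootpw" && tolower(substr($0, 1, 6)) == "rootpw" {
            val = $2
            gsub(/^"|"$/, "", val)          # the value may be quoted
            if (val == "") {
                printf "%s:%d: rootpw has no value\n", f, NR; bad = 1
            } else if (toupper(val) ~ /^[{]CLEARTEXT[}]/) {
                printf "%s:%d: rootpw uses {CLEARTEXT}\n", f, NR; bad = 1
            } else if (val !~ /^[{][A-Za-z0-9-]+[}]./) {
                printf "%s:%d: rootpw is cleartext (no {SCHEME} prefix)\n", f, NR
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$conf"
}

# Runs the audit on a constructed config (not taken from a real system)
# that reproduces the cleartext rootpw line shown in this advisory.
audit_demo() {
    tmp=$(mktemp) || return 2
    printf '%s\n' 'rootdn "cn=admin,o=example"' 'rootpw newpasswd' > "$tmp"
    audit_rootpw "$tmp"; demo_rc=$?
    rm -f "$tmp"
    return "$demo_rc"
}
```

        A zero return from audit_rootpw means every rootpw line in the
        file carries a hash scheme prefix.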



4. References 


        Specific references for this advisory: 
                none 


        Caldera OpenLinux security resources: 
                http://www.caldera.com/support/security/index.html 


        Caldera UNIX security resources: 
                http://stage.caldera.com/support/security/ 


        This security advisory closes Caldera incidents sr864231, 
        erg501574. 




5. Disclaimer 


        Caldera International, Inc. is not responsible for the misuse 
        of any of the information we provide on this website and/or 
        through our security advisories. Our advisories are a service 
        to our customers intended to promote secure installation and 
        use of Caldera products. 


______________________________________________________________________________ 






